ICO - FER0851659: Difference between revisions

From GDPRhub
No edit summary
 
(general overhaul of the case)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{| class="wikitable" style="width: 25%; margin-left: 10px; float:right;"
{{DPAdecisionBOX
! colspan="2" |ICO - FER0851659
|-
| colspan="2" style="padding: 20px; background-color:#023868;" |[[File:ICOLOGO.png|center]]
|-
|Authority:||[[ICO (UK)]]
[[Category:ICO (UK)]]
|-
| Jurisdiction: || [[Data Protection in the United Kingdom|United Kingdom]] [[Category: United Kingdom]]
|-
|Relevant Law:||[[Article 4 GDPR#1|Article 4(1) GDPR]]
[[Category:Article 4(1) GDPR]]


[[Article 9 GDPR]]
|Jurisdiction=United Kingdom
[[Category:Article 9 GDPR]]
|DPA-BG-Color=background-color:#023868;
|DPAlogo=LogoUK.png
|DPA_Abbrevation=ICO (UK)
|DPA_With_Country=ICO (UK)


[[Article 10 GDPR]]
|Case_Number_Name=FER0851659
[[Category:Article 10 GDPR]]
|ECLI=


[http://www.legislation.gov.uk/uksi/2004/3391/contents/made Regulation 5(3) EIR]
|Original_Source_Name_1=ICO
|-
|Original_Source_Link_1=https://ico.org.uk/media/action-weve-taken/decision-notices/2019/2616232/fer0851659.pdf
|Type:||Complaint
|Original_Source_Language_1=English
|-
|Original_Source_Language__Code_1=EN
|Outcome:||Rejected
|Original_Source_Name_2=
|-
|Original_Source_Link_2=
|Decided:||01.11.2019
|Original_Source_Language_2=
[[Category:2019]]
|Original_Source_Language__Code_2=
|-
|Published:||n/a
|-
|Fine:||none
|-
|Parties:||[https://www.canterbury.gov.uk/ Canterbury City Council]
|-
|National Case Number:||FER0851659
|-
|European Case Law Identifier:||n/a
|-
|Appeal:||n/a
|-
|Original Language:||[[Category:English]]
English
|-
|Original Source:||[https://ico.org.uk/media/action-weve-taken/decision-notices/2019/2616232/fer0851659.pdf ICO (EN)]
|}


The ICO issued a decision related to disclosure of information held by public authorities which was likely to include personal data.
|Type=Complaint
|Outcome=Rejected
|Date_Started=
|Date_Decided=01.11.2019
|Date_Published=
|Year=2019
|Fine=None
|Currency=
 
|GDPR_Article_1=Article 4(1) GDPR
|GDPR_Article_Link_1=Article 4 GDPR#1
|GDPR_Article_2=Article 9 GDPR
|GDPR_Article_Link_2=Article 9 GDPR
|GDPR_Article_3=Article 10 GDPR
|GDPR_Article_Link_3=Article 10 GDPR
|GDPR_Article_4=
|GDPR_Article_Link_4=
|GDPR_Article_5=
|GDPR_Article_Link_5=
 
|EU_Law_Name_1=
|EU_Law_Link_1=
|EU_Law_Name_2=
|EU_Law_Link_2=
 
|National_Law_Name_1=Regulation 5(3) EIR
|National_Law_Link_1=http://www.legislation.gov.uk/uksi/2004/3391/contents/made
|National_Law_Name_2=
|National_Law_Link_2=
|National_Law_Name_3=
|National_Law_Link_3=
 
|Party_Name_1=Canterbury City Council
|Party_Link_1=https://www.canterbury.gov.uk/
|Party_Name_2=
|Party_Link_2=
|Party_Name_3=
|Party_Link_3=
 
|Appeal_To_Body=
|Appeal_To_Case_Number_Name=
|Appeal_To_Status=
|Appeal_To_Link=
 
|Initial_Contributor=
|
}}
 
The Commissioner ruled that complaints about a property were the complainant's personal data and applied Regulation 5(3) of the EIR to prevent disclosure,


==English Summary==
==English Summary==


===Facts===
===Facts===
The complainant has requested the disclosure of information about complaints concerning a property over a defined time period. Canterbury City Council (the Council) withheld the information because it considered that the information requested was the personal data of third parties. Thus, the disclosure would have breach the GDPR principles. The complainant challenged the decision before the ICO.
On February 5, 2019, the complainant requested from Canterbury City Council ("the Council") copies of complaints made by third parties about a specific address from 1978 to December 2018. The Council refused, stating that the information was the personal data of the individuals who had submitted the complaints, and disclosing it would breach GDPR principles. The complainant then refined his request to a list of complaints with dates and summaries, but the Council again refused, citing the same reason. After an internal review upheld this position, the complainant contacted the Information Commissioner on June 15, 2019. Upon review, the Commissioner found that all the information was the complainant's own personal data, as the complainant and his family had owned or occupied the property in question during the specified period. The Commissioner thus applied Regulation 5(3) of the Environmental Information Regulations 2004 (EIR) to prevent disclosure. 
 
===Dispute===
Are the information contained in the complaints sensitive personal data? Would a disclosure to the word art large and not to the complainant only, contravene GDPR principles ?
 
===Holding===
===Holding===
The ICO decided that "as the complainant and his family have either owned or occupied the land in question during the time period specified, all the information falling within the scope of the request is in fact the complainant’s own personal data". The ICO applied Regulation 5(3) of the Environmental Information Regulations 2004 (EIR) which prevents disclosure to the world at large of information including personal data. Also, the ICO considered that the personal data at issue were criminal offence data about the complainant, as described by Article 10 GDPR, and not special category of personal data, as described by Article 9 GDPR.
The Information Commissioner held that since the complainant and his family had owned or occupied the property during the time specified in the request, all the information within the scope of the request was the complainant's own personal data. The Commissioner applied Regulation 5(3) of the EIR, which exempts personal data of the requester from disclosure under EIR. The Council's argument that disclosing the information would breach GDPR principles was not sufficient, as the data in question was primarily the complainant's own personal data. No further steps were required under the EIR.


==Comment==
==Comment==
Line 64: Line 82:
==Further Resources==
==Further Resources==
''Share blogs or news articles here!''
''Share blogs or news articles here!''
==English official version==
<pre>
to be completed..
</pre>

Latest revision as of 12:20, 10 July 2024

ICO (UK) - FER0851659
LogoUK.png
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law: Article 4(1) GDPR
Article 9 GDPR
Article 10 GDPR
Regulation 5(3) EIR
Type: Complaint
Outcome: Rejected
Started:
Decided: 01.11.2019
Published:
Fine: None
Parties: Canterbury City Council
National Case Number/Name: FER0851659
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ICO (in EN)
Initial Contributor: n/a

The Commissioner ruled that complaints about a property were the complainant's personal data and applied Regulation 5(3) of the EIR to prevent disclosure,

English Summary

Facts

On February 5, 2019, the complainant requested from Canterbury City Council ("the Council") copies of complaints made by third parties about a specific address from 1978 to December 2018. The Council refused, stating that the information was the personal data of the individuals who had submitted the complaints, and disclosing it would breach GDPR principles. The complainant then refined his request to a list of complaints with dates and summaries, but the Council again refused, citing the same reason. After an internal review upheld this position, the complainant contacted the Information Commissioner on June 15, 2019. Upon review, the Commissioner found that all the information was the complainant's own personal data, as the complainant and his family had owned or occupied the property in question during the specified period. The Commissioner thus applied Regulation 5(3) of the Environmental Information Regulations 2004 (EIR) to prevent disclosure.

Holding

The Information Commissioner held that since the complainant and his family had owned or occupied the property during the time specified in the request, all the information within the scope of the request was the complainant's own personal data. The Commissioner applied Regulation 5(3) of the EIR, which exempts personal data of the requester from disclosure under EIR. The Council's argument that disclosing the information would breach GDPR principles was not sufficient, as the data in question was primarily the complainant's own personal data. No further steps were required under the EIR.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!